Car hacking: there’s more than one way to crash a car [VIDEO]

At the Black Hat conference in Las Vegas this week, security researchers will demonstrate their ability to hack into cars such as the Toyota Prius and Ford Escape, and mess around with vehicles’ internal electronic systems, including those related to braking and steering.

The researchers, Charlie Miller and Chris Valasek, received a grant totalling over $80,000 from the United States’ Defense Advanced Research Projects Agency (DARPA) to investigate the issue.

The funding, by the way, was definitely needed. When Miller, for instance, discovered how to disable the brakes on a moving vehicle he managed to crash his test car into his garage, crushing his lawnmower and causing damage to a wall.

A flavour of what can be expected by the researchers’ investigation into digital carjacking is available for all to see in this video made by Forbes reporter Andy Greenberg:

It certainly makes for one of the more impressive hacking demonstrations you’re likely to see for quite some time, and the accompanying article by Greenberg is well worth a read.

Cars these days are complicated, sophisticated devices with computer control systems at their heart more complicated than those which put a man on the moon.

Although the average driver shouldn’t currently be losing too much sleep about these security flaws, it is becoming clear that there are ways to mess with a vehicle’s electronic innards that could lead to danger.

Although the risk is currently very slight, car manufacturers need to be prepared to reach outside their traditional talent pool, and bring in system security engineers to help ensure that their cars know when they are being meddled with or sent bogus instructions.

Aside from the public safety angle, car manufacturers must realise that it would only take one or two malicious targeted attacks against a vehicle for a manufacturer to have a potentially devastating blow to their brand reputation.

After all, no-one wants to drive the same car as the one that got hacked, killing a foreign leader or terrorist.

We have to hope that security researchers act responsibly, and work with the car manufacturers to help them secure their systems rather than sell details of potential vulnerabilities to the highest bidder.

If researchers are concerned that manufacturers are taking too long to fix problems, then the best route is not to go public with how to hack a car, but instead apply pressure to the manufacturer by approaching the media and demonstrate to them the flaws that exist.

The high visibility of Forbes’s video hopefully will go some way to waking up the security teams behind the Ford and Toyota cars to the potential risk.

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Smashing Security podcast

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!